Oracle Audit Vault 10g 10.2.3 Installation and Configuration

For this exercise we will install Oracle Audit Vault Server 10.2.3.0 on a Solaris 10 SPARC-64 box. The agent will be added on a Windows Server 2003 machine running Oracle 10gR2 10.2.0.4. The agent and the source DB are on one physical server.

Important terms, to make sure whatever we do henceforth makes sense:

- ecc – name of the agent. -agentname refers to this value
- eccdbtest.online.com – host name of the agent server and source database. -hostname refers to this value
- av – SID of the Oracle Audit Vault server
- primary – SID of the source DB
- 172.20.4.220 – IP of the Audit Vault server
- 172.20.4.82 – IP of the source database
- 1521 – port of access for the listener on both the Audit Vault server and the source database
- avsrc_prod – name of the schema user created on the source DB. This user sort of acts as a conduit between the agent and the Audit Vault server.

###### THIS IS YOUR SOURCE NAME USED FOR ADDING SOURCE AND COLLECTORS ######

- PRIMARY – name of the source (it is case-sensitive). -srcname refers to this value. This is actually not the Source Name but the absolute Source after creating the sources.

Sorry for the confusing language, but the Oracle documentation itself is very confusing on Source, Source Name and Collectors. These terms are especially difficult for DBAs to grasp. But once you get a hold of it, it's a breeze walk 🙂

Refer to the links below. Very helpful:

1. http://oracledoug.com/serendipity/index.php?/archives/1466-Adding-a-new-Oracle-host-to-Audit-Vault.html
2. http://download.oracle.com/docs/cd/E11062_01/admin.1023/e11059/avadm_mng_config.htm#CEGBIGDF
3. http://download.oracle.com/docs/cd/E11062_01/admin.1023/e11059/avadm_mng_config.htm#CEGFGEDA

1. [AV Server] Install Oracle Audit Vault server on a new server.

2. [AV Server] After the AV server is installed and started, access the web interface and make sure everything is working.

3. [Source Database] Now select an Oracle DB server which has to be audited. Download the collection agent for the OS on which this Oracle DB is running.
In our case we will do it on an Oracle DB running on Windows Server 2003. Before installing the agent, add the agent on the Audit Vault server (see the step below for this). Also edit the .profile of the user from which the Audit Vault server was installed and make sure you set the ORACLE_HOME and ORACLE_SID parameters.

3. [AV Server]

./avca add_agent -agentname ecc -agenthost eccdbtest.online.com

# Make sure you edit the /etc/hosts file to have the ip:host mapping for the server.

4. [Source Database] Now go back to the collection agent server, run the setup and provide the details asked for. The Audit Vault connection string will be as below:

172.20.4.220:1521:av

where:

- 172.20.4.220 is the IP of the Audit Vault server
- 1521 is the listening port for the Audit Vault server
- av is the SID of the Audit Vault server

The login credentials of the agent are as created above.

5. [Source Database] Create an account in the database that you want to collect audit data from and then assign the correct privileges to it. (Note that you only need to run the last command if you'll be using the Redo Collector.)

source PRIMARY verified for Aud$/FGA_LOG$ Audit Collector collector
Adding collector…
Collector added successfully.
collector successfully added to Audit Vault
remember the following information for use in avctl
Collector name (collname): DBAUD_Collector

If you added REDO as part of the source collection at Step 5, then add a redo collector as well.

[AV Server] Adding the REDO Collector to Audit Vault

Enter Source user name: avsrc_prod
Enter Source password:
adding credentials for user avsrc_prod for connection [SRCDB1]
Storing user credentials in wallet…
Create credential oracle.security.client.connect_string3
done.
updated tnsnames.ora with alias [SRCDB1] to source database
verifying SRCDB1 connection using wallet

### Make sure the ORACLE_HOME and ORACLE_SID parameters are not set. Open a new shell or a new Windows command shell and then execute this command. ###

10. [AV Server] Start the agent if in stopped state

avctl start_agent -agentname ecc

11. [AV Server] Start the collectors if in stopped state. You can get the collector names from the information you saved above after adding the collectors. In case you don't have the collector names saved, go to the web interface and collect this information. You can also start collectors from the web interface.

At the AV server, check that AVCTL is up:

$ avctl show_av_status

If the avctl show_av_status command indicates that the Audit Vault Console is not running, enter the following command:

$ avctl start_av
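
The two prerequisites from steps 3 and 4, the ip:host mapping in /etc/hosts and the ip:port:sid connection string, can be checked with a short script before running the agent setup. This is an added example, not part of the original post or Oracle's tooling; the function names are hypothetical and the SID character rule is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for steps 3-4.
# Function names are hypothetical. On Solaris 10 run the awk part with nawk or
# /usr/xpg4/bin/awk; the default /usr/bin/awk lacks -v and sub().

# valid_av_connect STRING: succeeds only if STRING has the form ip:port:sid.
valid_av_connect() {
    case "$1" in *:*:*:*) return 1 ;; *:*:*) ;; *) return 1 ;; esac
    ip=${1%%:*}; rest=${1#*:}; port=${rest%%:*}; sid=${rest#*:}
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Assumption: a SID is letters, digits and underscores only.
    case "$sid" in ''|*[!A-Za-z0-9_]*) return 1 ;; esac
    case "$ip" in ''|*[!0-9.]*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs   # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# hosts_lookup FILE HOST: prints the IP of the first entry naming HOST.
hosts_lookup() {
    awk -v host="$2" '
        { sub(/#.*/, "") }                      # strip comments
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(host)) { print $1; found = 1; exit } }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# preflight HOSTS_FILE CONNECT_STRING HOST EXPECTED_IP
# Returns 1 bad connection string, 2 host not mapped, 3 mapped to another IP.
preflight() {
    valid_av_connect "$2" || { echo "bad connection string: $2" >&2; return 1; }
    got=$(hosts_lookup "$1" "$3") || { echo "$3 not in $1" >&2; return 2; }
    [ "$got" = "$4" ] || { echo "$3 maps to $got, not $4" >&2; return 3; }
}

# Example call with this page's values:
#   preflight /etc/hosts 172.20.4.220:1521:av eccdbtest.online.com 172.20.4.82
if [ $# -eq 4 ]; then preflight "$@"; fi
```

Return code 3 is the case worth watching for: the host name is present in the hosts file but points at a different address than the one you expect.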

[AGENT] Run the following AVCTL command in the Oracle Audit Vault Agent home to check its status.